  1. #1
    SitePoint Wizard
    Join Date
    Jan 2001
    Location
    Grand Rapids, MI
    Posts
    1,284
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    The Getting Rid of Spyware HOWTO

    Attention!

    This guide below is quite old and I have not updated it in a long time. I would recommend everyone check out this guide instead as it is updated more frequently and is much more accurate today. Thanks!

    --------------------------------------------------------------------------

    I have seen lots of questions around here regarding spyware, browser infections, and adware. I thought I would post this guide for getting rid of all these problems.

    Contents:
    1. Download programs
    2. Removing browser annoyances
    3. Removing messenger problems
    4. Removing general adware
    5. Protecting yourself


    1.) Download Programs
    -------------------------------------------------
    There are a number of programs that remove adware and the like, but the following have proved to be the most reliable:

    *Updated 20.08.2008 - Ingoal*

    Malwarebytes' Anti-Malware
    SuperAntispyware
    Lavasoft's Ad-aware - Good for removing general spyware. The old favorite.
    Spybot - Search & Destroy - Excellent program for removing spyware. The current favorite.
    HiJackThis - Good for removing browser infections such as toolbars, annoying home pages that won't go away, and more.

    *Updated 20.08.2008 - Ingoal*

    2.) Removing browser annoyances
    -------------------------------------------------
    If your browser is infected with any of the following:

    • Search toolbars
    • Home pages that won't change
    • Etc.

    then please install HiJackThis. Once you have it installed follow the instructions below:
    1. Close ALL open IE Windows and Windows Explorer windows.
    2. Start the program.
    3. Click the scan button.
    4. Click save log. Save the file to your desktop
    5. Post the log file here or at Spyware Info Forums.
    6. We can look through the log file to tell you what to remove.
    7. Once we tell you what to remove, open the program and run the scan again.
    8. Check the boxes next to the lines we tell you to.
    9. Then click Fix Checked. The problems should be fixed!

    3.) Removing messenger problems
    -------------------------------------------------
    Do you often get messages popping up asking you to buy a college diploma? If you get these messages that have the title "Messenger" then follow these steps to stop them:

    1. Click Start > Run
    2. Type services.msc
    3. Find the service named Messenger
    4. Right click and click Properties
    5. Where it says "Startup Type:" select Disabled from the list.
    6. Click OK.
    7. Close the Services window.

    The Messenger service is now stopped. This is the service that allows spammers and such to send messages to your PC. Disabling it will prevent them from using it to message you.

    4.) Removing general adware
    -------------------------------------------------
    First, download the programs mentioned in step 1. You may be asking, "Do I need both?" Not really, but to be most effective it works best if you use both. I personally run Spybot first then Ad-aware second just to be sure.

    Running Spybot:
    1. Start the program
    2. It may display a warning about Ad-aware being installed. You can safely ignore this. All it says is that Ad-aware has a quarantine folder where it moves adware that may be detected by Spybot.
    3. Click Search for Updates to update Spybot to the latest spyware definitions.
    4. Once that is done, select Spybot S&D from the side.
    5. Click Search & Destroy.
    6. Then click Check for Problems at the bottom.
    7. Click the Fix Selected Problems button at the bottom.
    8. Click yes.
    9. You are now done and can close the program.

    Running Ad-aware:

    1. Open the program and look in the bottom right corner and click on Check for updates and download the latest reference files.
    2. In the main window click Start then Activate in-depth scan.
    3. Click on Use custom scanning options and then click on Customize and select the following options:
      • Under Drives and Folders put a check by "Scan within archives" and below that under Memory and Registry put a check by all five options.
      • Next click on the Tweak button in that same window.
      • Under Scanning engine select "Unload recognized processes during scanning"
      • Under Cleaning Engine select "Let windows remove files in use at next reboot"

    4. Click on Proceed to save your settings.
    5. Now click on the Next button.
    6. When the scan is finished, right click in the window and choose select all from the drop down menu and then click on Next. When you have finished, reboot.

    Thanks to MildSeven for these directions

    Your PC should now be free of Spyware.

    5.) Protecting yourself
    -------------------------------------------------
    What can you do to protect yourself? Install a firewall. A firewall will prevent outsiders from installing adware on your PC without you knowing about it. Some good firewalls are below:

    ZoneAlarm
    Sygate Personal Firewall

    Also, be sure to run Ad-aware and Spybot once a month or so. If your PC starts to run funny, the first thing I do is run both of those programs. Also, be smart: if you're downloading off Kazaa, then there is a good chance you could get infected. Another easy way to get infected is to use Internet Explorer. Many sites automatically install junk just by visiting them if you are using IE. I recommend using Mozilla Firefox or Opera.

    This concludes the guide. If you have any comments, suggestions, or anything else to say, let me know!

    Thanks,

    -Ben
    Last edited by Ingoal; Aug 20, 2008 at 07:10.
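
Added example, not part of the original post or of HijackThis itself: a minimal Python parser for the log format that section 2 of the guide asks readers to save and post, grouping entries by section code and attaching triage hints. The sample log is constructed, and the hint rules are illustrative assumptions that mark entries for a closer look, not verdicts on what to remove.

```python
import re

# Section codes as they appear in the HijackThis logs posted in this thread.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key / Startup folder)",
    "O8": "extra context menu item",
    "O9": "extra button / Tools menu item",
    "O14": "IERESET.INF setting",
    "O16": "DPF (downloaded ActiveX control)",
    "O17": "NameServer setting",
    "O18": "content filter",
}

# An entry starts with a section code followed by " - ".
ENTRY_RE = re.compile(r"(R[0-3]|O\d{1,2}) - ")


def split_entries(line):
    """Return [(code, body), ...] for one log line.

    Header and "Running processes" lines return []. Two entries that were
    fused onto one line by copy/paste are split apart (heuristic: a known
    section code followed by " - " in the middle of the line).
    """
    line = line.strip()
    starts = [m for m in ENTRY_RE.finditer(line) if m.group(1) in SECTIONS]
    if not starts or starts[0].start() != 0:
        return []
    out = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(line)
        out.append((m.group(1), line[m.end():end].strip()))
    return out


def hints(code, body):
    """Illustrative review hints (assumed rules, not a removal list)."""
    notes = []
    low = body.lower()
    if "(no file)" in low:
        notes.append("referenced file is missing (orphaned entry)")
    if code in ("R0", "R1") and "file://" in low:
        notes.append("browser page setting points at a local file")
    if "\\temp\\" in low:
        notes.append("path is inside a Temp directory")
    if code == "O17":
        notes.append("confirm these DNS servers belong to your ISP/network")
    return notes


def parse_log(text):
    """Parse a whole log into a list of (code, body, notes) tuples."""
    entries = []
    for line in text.splitlines():
        for code, body in split_entries(line):
            entries.append((code, body, hints(code, body)))
    return entries


def needs_review(text):
    """Only the entries that triggered at least one hint."""
    return [e for e in parse_log(text) if e[2]]


# Constructed sample in the same shape as the logs in this thread
# (paths, GUIDs and addresses are made up; 192.0.2.0/24 is a documentation range).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\User\LOCALS~1\Temp\page.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleA] C:\Program Files\ExampleA\a.exe -bootO4 - HKLM\..\Run: [ExampleB] b.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.1 192.0.2.2
"""

if __name__ == "__main__":
    for code, body, notes in needs_review(SAMPLE_LOG):
        print(f"{code} [{SECTIONS[code]}] {body}")
        for note in notes:
            print("    hint:", note)
```
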

  2. #2
    Original Gangster silver trophy Thing's Avatar
    Join Date
    Oct 2000
    Location
    Philadelphia, PA
    Posts
    4,708
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Great resource, good work Ben!

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Apr 2003
    Posts
    4,095
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks a lot, Ben! Very useful!

  4. #4
    SitePoint Member
    Join Date
    Apr 2004
    Location
    NZ
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Ad-Aware custom settings.

    These are the custom settings for Ad-aware recommended in most of the spyware forums.

    AD-AWARE 6.0 Build 181

    Open the program and look in the bottom right corner and click on Check for updates and download the latest reference files.

    In the main window click Start then Activate in-depth scan.

    Click on Use custom scanning options and then click on Customize and select the following options:

    Under Drives and Folders put a check by "Scan within archives" and below that under Memory and Registry put a check by all five options.

    Next click on the Tweak button in that same window.

    Under Scanning engine select "Unload recognized processes during scanning"

    Under Cleaning Engine select "Let windows remove files in use at next reboot"

    Click on Proceed to save your settings.

    Now click on the Next button.

    When the scan is finished, right click in the window and choose select all from the drop down menu and click on Next. When you have finished, reboot.


    Maybe this can be edited on to Ben's post.

  5. #5
    trip ket's Avatar
    Join Date
    Feb 2004
    Location
    Portugal
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    nice job ben

    another note that you see in most spyware forums, when talking about HiJack This! installation is:
    Create and Unzip to a folder not your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan". (Otherwise the backups created by it will clutter your screen)


  6. #6
    trip ket's Avatar
    Join Date
    Feb 2004
    Location
    Portugal
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ohhhh, and after

    3. Click the scan button.
    i'd suggest to also add this:

    Don't fix anything yet!

    lol

  7. #7
    100% Windoze-free earther's Avatar
    Join Date
    Feb 2003
    Location
    Linuxland
    Posts
    2,788
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is 'messanger' a typo or do you mean 'messenger'? Would make a difference when typing in a search.

    http://forums.net-integration.net/ offers excellent support for both Spybot S&D and HijackThis.

    Another excellent preventative measure is SpywareBlaster

  8. #8
    SitePoint Wizard
    Join Date
    Jan 2001
    Location
    Grand Rapids, MI
    Posts
    1,284
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by earther
    Is 'messanger' a typo or do you mean 'messenger'? Would make a difference when typing in a search.
    Thanks!

  9. #9
    SitePoint Zealot Firestorm2003's Avatar
    Join Date
    Aug 2003
    Location
    England
    Posts
    121
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is an excellent guide! Huge thanks!

  10. #10
    SitePoint Zealot moagw's Avatar
    Join Date
    Nov 2003
    Location
    Kentucky, USA
    Posts
    188
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I run spybot and it works great, are there any resources as far as which of those files SHOULD be there?? or files that definitely SHOULDN'T be there??

  11. #11
    SitePoint Member
    Join Date
    Apr 2004
    Location
    NZ
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You may want to add these 2 programs under "Protection". Since I've been running SpywareBlaster and SpywareGuard, Ad-aware and SpyBot S&D have come up clean every time! SpywareGuard runs in realtime in the system tray, it has "browser hijack prevention" which warns you when a hijacker tries to change your homepage. It also scans all downloads and warns of any malware trying to install itself.

    Both programs can be found here:

    http://www.javacoolsoftware.com/

    Cheers,
    Steve

    Ooops you can get SpywareGuard here:

    http://www.javacoolsoftware.com/spywareguard.html
    Last edited by Mildseven; Apr 8, 2004 at 20:39.

  12. #12
    SitePoint Wizard bronze trophy
    Join Date
    Apr 2003
    Posts
    4,095
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I also think it's worth mentioning EarthLink's SpywareBlocker (free to members using TotalAccess software). While not nearly as good as AdAware or Spybot, it removed a lot of spyware and adware in my testing, and is very unobtrusive.

    Its best feature is that it acts like a virus scanner, preventing spyware and adware from installing.

    Frankly, that's what I use.


  13. #13
    SitePoint Wizard megamanXplosion's Avatar
    Join Date
    Jan 2004
    Location
    Kentucky, USA
    Posts
    1,099
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think that another thing should be added to this list. Don't use Internet Explorer! That's where the majority of problems come from, and it's weird that isn't mentioned anywhere in the 'protect yourself' section.

  14. #14
    SitePoint Member tombrokeoff's Avatar
    Join Date
    Jul 2004
    Location
    houston, tx
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    HiJack This Help

    Below is my HiJack This Log....can someone help me out with what exactly to remove? I am pretty certain all of the "Search Assistant" crap is bad...but a lot of it, once I remove it, it comes back....thanks in advance

    Logfile of HijackThis v1.97.7
    Scan saved at 12:47:26 AM, on 7/15/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

    O4 - HKLM\..\Run: [WinXPLoad] Rundll32 LoadDll,LoadExe WinXPLoad.exe

    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

    O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: [LINUX32] C:\WINDOWS\SYSTEM32\LINUX32.vbs

    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\CPQMLDET.exe

    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r

    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

    O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

    O4 - Global Startup: loader.exe

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)

    O9 - Extra button: Related (HKLM)

    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  15. #15
    SitePoint Enthusiast
    Join Date
    Jun 2004
    Location
    sydney
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    maybe you should start a separate thread?
    it will keep this thread in order.

  16. #16
    SitePoint Member tombrokeoff's Avatar
    Join Date
    Jul 2004
    Location
    houston, tx
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    just following...

    just following steps 2) 4. and 2) 5. of Ben's original post here.

  17. #17
    SitePoint Enthusiast Black Genesis's Avatar
    Join Date
    Aug 2004
    Location
    Brisbane > Australia
    Posts
    26
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Tom Broke Off might be better if you posted your log in spyware info forums. Might be quicker for you.

    Anyway i have a question:

    "What's the difference between Mozilla Firefox and Opera." Which one is better ?
    P C u s t o m s - http://www.pcustoms.cjb.net

  18. #18
    SitePoint Enthusiast Black Genesis's Avatar
    Join Date
    Aug 2004
    Location
    Brisbane > Australia
    Posts
    26
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Excuse my double post.

    Logfile of HijackThis v1.98.2
    Scan saved at 10:32:24 p.m., on 23/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    c:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Chris\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://forums.ffgon.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gameover.xepher.net/forums/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
    O2 - BHO: (no name) - {6E040B6B-0900-4561-90BB-396BD6F22B97} - C:\WINDOWS\System32\msdoh.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [pccguide.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B80B60C-8736-4217-A52D-212064C969EC}: NameServer = 192.189.54.26 192.189.54.37
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B80B60C-8736-4217-A52D-212064C969EC}: NameServer = 192.189.54.26 192.189.54.37
    O18 - Filter: text/html - {F4B11EA9-EA7B-4E68-B354-ABEEE20D409E} - C:\WINDOWS\System32\msdoh.dll
    O18 - Filter: text/plain - {F4B11EA9-EA7B-4E68-B354-ABEEE20D409E} - C:\WINDOWS\System32\msdoh.dll
    P C u s t o m s - http://www.pcustoms.cjb.net

  19. #19
    SitePoint Member
    Join Date
    Aug 2004
    Location
    San francisco
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    My log

    Logfile of HijackThis v1.98.2
    Scan saved at 4:11:05 PM, on 8/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINNT\System32\svchost.exe
    D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    D:\WINNT\System32\nvsvc32.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    D:\WINNT\system32\stisvc.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\SymTray.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    D:\WINNT\System32\svchost.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\PowerPlugs\Outlook Express Stationery\OLExp\winoeinit.exe
    D:\WINNT\system32\RunDLL32.exe
    D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    D:\Program Files\Yahoo!\Messenger\YPager.exe
    D:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    D:\Program Files\AIM95\aim.exe
    D:\Program Files\Winamp\Winamp.exe
    D:\PROGRA~1\WINZIP\winzip32.exe
    D:\Documents and Settings\Nitila Patel\Local Settings\Temp\HijackThis.exe
    D:\WINNT\system32\NOTEPAD.EXE
    D:\WINNT\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crystalgraphics.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - HKCU\..\Run: [Schmaili] D:\Program Files\Schmaili31\Schmaili.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [OEPowerPlugs] D:\Program Files\PowerPlugs\Outlook Express Stationery\OLExp\winoeinit.exe
    O4 - HKCU\..\Run: [AvaFind] "D:\Program Files\AvaFind\AvaFind.exe" /minimized
    O4 - HKCU\..\Run: [OfotoNow USB Detection] D:\WINNT\system32\RunDLL32.exe D:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/scri...ons/review.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp...ar/cnsload.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B6DC3C-9BCA-4687-BFD3-5C4E09BBC1F4}: NameServer = 206.13.28.12,206.13.31.12
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B6DC3C-9BCA-4687-BFD3-5C4E09BBC1F4}: NameServer = 206.13.28.12,206.13.31.12
    O17 - HKLM\System\CS2\Services\Tcpip\..\{19B6DC3C-9BCA-4687-BFD3-5C4E09BBC1F4}: NameServer = 206.13.28.12,206.13.31.12

  20. #20
    SitePoint Member
    Join Date
    Sep 2004
    Location
    North Crater
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I need help... this annoying toolbar and popup keeps coming up whenever I open my browser. I followed the steps and downloaded HijackThis, and here is the log:

    Logfile of HijackThis v1.98.2
    Scan saved at 2:31:46 PM, on 9/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Symantec\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\msnshell\msnshell.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\mp3 to wav\easymp3.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe
    C:\Program Files\ZMatrix\matrix.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.portalsearching.com/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bgevhzojzrgsybjwydelxhqwt...LT7ohIQRTl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.portalsearching.com/search.php?phrase=%s
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: bwrntuytztabqhxeehgz - {6b4cd4b0-54bf-4a8b-ae94-29175eafb4a2} - C:\DOCUME~1\Bryant\APPLIC~1\gliezstsbl.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [media 32] C:\PROGRA~1\JUNKHT~1\LiveTrust.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSNShell] C:\Program Files\msnshell\msnshell.exe autorun
    O4 - HKLM\..\Run: [axishidereadmeowns] C:\Documents and Settings\All Users\Application Data\link safe axis hide\Teamway.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [EasyMP3] c:\mp3 to wav\easymp3.exe -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: ZMatrix.lnk = C:\Program Files\ZMatrix\matrix.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    O4 - Global Startup: Schedule TV.lnk = C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

  21. #21
    SitePoint Wizard
    Join Date
    Aug 2002
    Location
    N.Ireland
    Posts
    1,046
    Can someone advise me what to remove? I've posted my log below. IE is ignoring stylesheets and I've tried reinstalling, uninstalling, checking registry keys, I've run Spybot and Ad-aware and still I'm no further on.

    Logfile of HijackThis v1.98.2
    Scan saved at 10:51:32, on 08/09/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\COMPAQ\ACLIENT\ACLIENT.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\system32\PROMon.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\System32\igfxtray.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINNT\System32\hpnra.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winad Client\Winad.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Winad Client\WinClt.exe
    C:\WINNT\system32\NDrv.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\BestFTP Explorer 2000\BestFTPExplorer.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\darren\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    acquiweb.*;http://www.*;http://search1.psn-ni.g...n-ni.gov.uk/*;

    O1 - Hosts: 145.229.158.89 digory
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\ACCESS~3\ACCESS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [NDrv] C:\WINNT\system32\NDrv.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...cdc9defbb7eddc
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2719a933...p/RdxIE601.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DDDB65F8-2554-425E-A85B-247E5FED6C3D}: Domain = dardni.gov.uk
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DDDB65F8-2554-425E-A85B-247E5FED6C3D}: NameServer = 145.229.158.30

  22. #22
    SitePoint Zealot btvillarin's Avatar
    Join Date
    Nov 2002
    Location
    Arcadia, California
    Posts
    119
    Before this thread gets any larger from Hijack This logs, I think I better recommend an article that explains a bit better about how to go about this method of ridding your PC of spyware. (No offense to Ben though, really!)

    Basic Spyware, Trojan And Virus Removal

    You should try to uninstall any offending programs that might've slipped by "accidentally" through IE, or piggybacked with another program's install routine - in Safe Mode. Hopefully there, it won't be running and it'll leave with a slight residue that Spybot S&D can quickly wipe up easily.

    Anyways, again, that article is packed with information, so read up on it and follow through the steps before posting any further. At least, to keep the clutter down in this thread.
    Bryan T. Villarin
    All Narfed Up My System Rig

  23. #23
    SitePoint Member
    Join Date
    Sep 2004
    Location
    northampton
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Hijack this log file for advice

    Hi,

    I'm following instructions on the thread and posting my log file.

    Advice gratefully received.

    Thanks

  24. #24
    SitePoint Enthusiast
    Join Date
    May 2003
    Location
    Indiana
    Posts
    25
    Excellent resource! I am a computer service tech and spyware/virii is 95% of the work I do, it's insane!

  25. #25
    SitePoint Member
    Join Date
    Nov 2004
    Location
    Vancouver
    Posts
    12

    thanks

    I just want to say that I did all the stuff that Ben posted to get rid of spyware plus am now using Mozilla and my computer is the best it's EVER been!
    Thanks boss

